Step 9 – ISO27001: A Data Privacy Odyssey: How to Demonstrate Technical and Security Measures Under the GDPR Introduction Under current privacy laws, only one of the privacy principles applies directly to a data processor, and that is to ensure that adequate security and technical measures are in place. The GDPR mirrors this obligation on […]
Step 8 – “The Transfer Window” – Data Transfers Under the GDPR Introduction Every January in the UK we are used to seeing the football pundits gather to see how many millions of pounds will be exchanged in the Premiership to secure the transfer of top international player talent. The question for all employers is […]
Step 7 – Data Breaches “Once more unto the breach….” Why galvanising your troops to deal with data breach is a key part to compliance with the GDPR Introduction to data breaches The GDPR introduces a duty on organisations to report certain data breaches to their supervisory authority (Article 33) and, in some cases, to […]
Step 6 – Use Privacy Impact Assessments to Measure the Impact of Data Processing Operations Crash Test Dummy – Why every prudent processor of data should use Privacy Impact Assessments (PIA) We all feel more secure when we get into our cars knowing they are kitted out with multiple safety features developed through testing and […]
Step 5 – Vendor Management Through the GDPR looking glass… “She generally gave herself very good advice, (though she very seldom followed it)” – Why all entities processing data should follow the “very good advice” to “know your Vendor” Introduction In Step 2 of our GDPR blog series, we talked about the importance of data mapping, […]
Step 4 – The Right to Be Forgotten What is the right to be forgotten? Article 17 of the GDPR contains the right for data to be erased: otherwise known as the right to be forgotten. The principle behind this, as stated by the UK Information Commissioner’s Office (ICO), is to “enable an individual to […]
